I am configuring JBoss/mod_cluster to serve the applications with Apache. Now I want to disable the access to those application by the clientes in JBoss, just by the Apache, but allow to access to administration applications from anywhere directly to the JBoss (I have configured the authentication for consoles). How can I do this? Is there any "centralized" file where I can define this without have to modify each deployed application config? My goal is this:

having an Apache in front of your JBoss is a big advantage. I would prefer to disable the JBoss HTTP-Connector and handle all traffic via Apache. There you can limit or allow access to your apps via <Location /web-console> deny from all; allow from *.your.domain; and so on.

In a Tomcat-Environment you could use RemoteAdressValve to limit access to your context. JBoss does not need an explicit context config, as it pulls it's info from jboss-web.xml or some EAR data, I think, that Apache would be the only possibility. Perhaps someone else from community knows a trick.

Thanks for your answer. Finally, I will publish all applications through Apache, and limit the access to JBoss to only the Apache's. As administration applications are secured, i don't care "normal users" can access them, as the will be prompted for a user with permissions the don't have. The original post was to avoid to publish all administration applications with Apache, but I have realized it has not much sense.